US charges North Korean programmer with WannaCry, other massive cyberattacks

A computer programmer allegedly working for the North Korean government has been charged in the US with a series of massive cyberattacks around the world, including the WannaCry ransomware that infected computers in 150 countries and USD 81 million bank heist in Bangladesh.

In a criminal complaint filed on June 8 and made public for the first time Thursday, the Department of Justice alleged that the programmer, Park Jin Hyok, was part of "a wide-ranging multi-year conspiracy" led by the North Korean government and carried out multiple cyberattacks through a front organisation.

Park is charged with one count of conspiracy to commit computer fraud and abuse and one count of conspiracy to commit wire fraud.

The Justice Department alleged that Park was a member of a government-sponsored hacking team known to the private sector as the "Lazarus Group", and worked for North Korean government front company Chosun Expo Joint Venture (Korea Expo Joint Venture or KEJV) to support the North Korean government's "malicious" cyber actions.

Park, who is believed to be in North Korea, conspired to conduct a series of attacks including the creation of the malware used in the 2017 WannaCry 2.0 global ransomware attack; the 2016 theft of USD 81 million from Bangladesh Bank; the 2014 attack on Sony Pictures Entertainment and numerous other attacks or intrusions on entertainment, financial services, defence, technology and virtual currency industries.

The WannaCry ransomware virus infected computers in 150 countries and crippled parts of the British health care system.

As part of the cyber-heist in Bangladesh Bank, Park accessed the bank's computer terminals that interfaced with the Society for Worldwide Interbank Financial Telecommunication (SWIFT) communication system after compromising the bank's computer network with spear-phishing emails, then sent fraudulently authenticated SWIFT messages directing the Federal Reserve Bank of NY to transfer funds from Bangladesh to accounts in other Asian countries.

"The Conspiracy attempted to and did gain access to several other banks in various countries from 2015 through 2018 using similar methods and watering hole attacks, attempting the theft of at least USD 1 billion through such operations, the complaint said.

In addition to these criminal charges, Treasury Secretary Steven Mnuchin announced that the Department of the Treasury's Office of Foreign Assets Control (OFAC) designated Park and KEJV under Executive Order 13722 based on the malicious cyber and cyber-enabled activity outlined in the criminal complaint.

"This group's actions are particularly egregious as they targeted public and private industries worldwide stealing millions of dollars, threatening to suppress free speech, and crippling hospital systems," FBI Director Christopher Wray said.

"The scale and scope of the cyber-crimes alleged by the complaint is staggering and offensive to all who respect the rule of law and the cyber norms accepted by responsible nations, said Assistant Attorney General Demers.

The FBI alleged that the North Korean government, through a state-sponsored group, robbed a central bank and citizens of other nations, retaliated against free speech in order to chill it half a world away, and created disruptive malware that indiscriminately affected victims in more than 150 other countries, causing hundreds of millions, if not billions, of dollars' worth of damage, Demers said.

-PTI